Why and how to defend business data
Business has gone digital, and it can’t go back. This state of affairs has come to pass in every industry imaginable, bringing a new set of practices that leaders will have to follow. If you’re stepping into a position of authority, you’ll have to become aware of your organization’s digital footprint – both how to use data to get ahead in your industry, and how to defend that digital content against the risk of a breach.
When organizations only half-embrace the current age of IT-driven business, taking on the advantages without worrying about protecting their digital infrastructure, they make themselves easy targets for cybercriminals. As software and hardware have grown more powerful, these thieves have hardly disappeared; they are currently operating at their highest observed levels.
No matter your business’s region or exact industry, it’s important to grapple with the state of cyber security, familiarizing yourself with what might happen to your data. Then, it’s time to install defenses that comply with the law and answer the threat posed by tech-savvy criminals. In a world where data is a pillar of business, information protection is a key value for a modern executive.
Ongoing risk
As long as there are cybercriminals, data security will be part of the business playbook. Following a year in which the frequency of data breaches rose 40 percent according to an Identity Theft Resource Center report, there is little doubt: Even staying consistent isn’t enough to keep a company safe. Businesses need to periodically increase their security to survive in this challenging environment.
Organizational responsibility
Breaches of customer data are fraught with risk of all kinds. Your company isn’t just holding information relevant to its own operations, either. Customer data is made up of everything from transaction records and payment data to granular information used to customize individual experiences. This content is essential to performing the functions of a modern business, and hackers are interested in stealing it.
As indicated by the National Conference of State Legislatures, 48 states have laws on the books requiring organizations to tell individuals whose data has been compromised. This process differs from one territory to another, but the general thrust of the laws remains the same: When your data suffers a breach, you have a duty to inform the public. Reputational damage can result in these cases, potentially adding sluggish future sales to the out-of-pocket expenses of expelling the attackers and repairing the damage.
Damage assessment
Cisco’s 2017 Annual Cyber Security Report delved into the costs of data loss and explained that more than half of breached companies were scrutinized by the public. While operations and finance suffered the most after attacks, reputation and retention were the next-most-affected traits. Consumers tread carefully around companies that have been hacked, well aware of how troublesome it would be to lose control of their personal information.
Breaking down the Cisco data further, 22 percent of companies lost customers, 29 percent suffered revenue damage and 23 percent saw reduced business opportunities for the future. The need to avoid these results makes it official: Data protection deserves a prominent place in a company’s budget for the year. Failure to defend data is negligent.
All-encompassing threat
There is no one profile of a company at great risk of suffering a data breach. The aforementioned customer information is a feature of every imaginable industry, and the Verizon Data Breach Information Report confirmed this variety.
While financial institutions understandably topped the list with their stores of bank account data, they only attracted 24 percent of breaches during the study’s reporting period. Health care suffered 15 percent of breaches, followed by the combined retail and accommodations sectors, also at 15 percent. Public sector agencies weren’t spared – 12 percent of victims came from the government.
Individual targets
One of the most terrifying facts about data theft today is that all it takes is one virtual foothold to expose a company’s data. A single official making a poor decision and clicking on the wrong link can doom an organization to information theft. The Identity Theft Resource Center noted that spear phishing – deceptive messages sent directly to employees – is on the rise. In addition to stealing data, thieves who access content can hold the information for ransom, a method that has become more prominent in recent years.
Beyond the targeted strikes of spear phishing, hackers have rediscovered some of their blunt-force attacks. According to the Cisco report, 2016 was a big year for mass emails and adware. This combination of precision and volume shows the enormity of the task facing companies today.
Employees can run into online danger in any number of ways.
Cisco added that hackers have become increasingly “corporate” in recent years. Cybercriminals are deploying complex, multi-step attacks, running some campaigns specifically to mask what is happening with other malicious software. Corporate leaders will have to be ready for hacking that equals their own operations in sophistication and organization.
Proactive risk mitigation
With the risks of modern business firmly in mind, it’s important to ask what companies are doing to stop hackers – and what they could be doing better. To begin coordinating a response to hackers, leaders need to understand where the attacks will come from. The most recent Verizon survey pointed out that outside hackers are the main cause of data breaches – they were responsible for 75 percent of studied attacks. That said, if managers ignore the threat of internal attacks, they may regret it. That other 25 percent of breaches is still a significant number.
Executive buy-in
When creating preventive strategies designed to keep criminals out of vital systems, leaders should work with subject matter experts within the organization. SANS advocated for a model in which organizational executives strike up a functional partnership with the security team. When these alliances are reduced to experts providing recommendations to the bosses, the most vital policy proposals may never make it into use.
SANS interviewed security chiefs about their role and found that in some cases executives, potentially buoyed by the fact that they haven’t yet been breached, end up sticking with antiquated solutions too long. Executives who take on this kind of closed-off stance could find themselves humbled by attack methods that go beyond their ability to correct.
Preventive measures
Preparation is a virtue when it comes to cyber security, as is self-knowledge. Cisco suggested that companies not just put well-considered preventive security plans in place, but also test these strategies. Information gathered from successful tests that compare performance can go a long way in determining whether an organization is on the right track. Leaders can’t be afraid to ensure their preparedness, at the risk of being unready when a real threat emerges.
Cisco also recommended an approach with plenty of integrated and automated IT elements. When human security personnel are aided by plenty of advanced algorithms, they’ll have extra time to give to the investigations that really deserve their full attention. Designing a security strategy that works is always about setting the team up for success, giving them the best chance against unknown and potential threats.
Evolve with technology
Every year brings changes and escalation in the risk and seriousness of cyber incidents. Using a strategy that applied in 2010, or even 2016, isn’t acceptable in 2017. Next year, things will have changed again. Leaders should acknowledge that to truly be prepared for whatever hackers may dish out, they’ll have to keep their systems evolving. The following are among the recent trends and likely future threats.
Breaches that linger
According to Experian’s Data Breach Industry Forecast, the latest trend in information loss is that companies’ past problems are coming back to haunt them. The source gave the example of the 2014 Yahoo breach, which led to a massive release of stolen information… in 2016. Users who employ the same passwords across different sites may find themselves compromised as stolen data sets hit the web for years to come.
In fact, Experian suggested that this new trend may bring about wholesale change in the way people think about identification, and the way companies respond to breaches. Users themselves should probably switch to multiple-factor authentication, enabled by online services that support this more secure form of login. As for organizations, they’ll have to become more detailed in their disclosures of breaches, helping affected individuals stay safe online in the years ahead.
New frontiers
Companies are using cloud-based applications to become more effective at sharing data. Internal apps enable companies to work together over great distances, while customer-facing versions empower advanced interactions with wide audiences. Of course, Cisco noted that these helpful cloud-based tools are now likely targets for cyberattacks. The appeal is obvious: New technology with connection to companies’ networks is a potential way for hackers to gain a back door into corporate data.
The lesson here is that no asset is too new or too old to defend from criminals. New solutions may have vulnerabilities that haven’t been detected yet but demand attention. Older tech products may be suffering from a lack of support by vendors, meaning they need replacement. The challenge for IT departments and executives is to concoct strategies that will keep an eye on every piece of a sprawling network. This is a 2017 problem that seems poised to become more acute in 2018 and on.
A part of the job
The main trait of cyber security in 2017 is that it is everywhere. No role is exempt from the need for safety, no industry is without threats and no size company can avoid attention from attackers. As long as leaders accept the responsibility to defend their digital assets and make themselves aware of the very real value of their data, they’ve taken the first step in the right direction.
The importance of cyber security is clear in its inclusion in relevant degree programs. Today, competency with data has become part of the Master of Business Administration curriculum. Technology use is inextricable from other forms of business excellence.
Sources:
http://www.verizonenterprise.com/resources/reports/rp_DBIR_2017_Report_en_xg.pdf
https://newsroom.cisco.com/press-release-content?articleId=1818259
http://www.experian.com/assets/data-breach/white-papers/2017-experian-data-breach-industry-forecast.pdf
https://www.sans.org/reading-room/whitepapers/dlp/data-breaches-prevention-practical-37267
http://www.idtheftcenter.org/2016databreaches.html
http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx